An Empirical Investigation on Snort NIDS versus Supervised Machine Learning Classifiers


Sarah Abdulrezzak
Firas Sabir

Abstract

With the widespread use of network services, security has become an important issue for all network types. Various techniques have emerged to provide network security; among them is the Network Intrusion Detection System (NIDS). Many existing NIDSs actively work against various intrusions, but a number of performance issues remain, including high false alarm rates and numerous undetected attacks. To keep up with these attacks, some academic researchers have turned to machine learning (ML) techniques to create software that automatically predicts intrusive and abnormal traffic. Another approach is to use ML algorithms to enhance traditional NIDSs, which is a more feasible solution since they are widely deployed. To improve the detection rates of current NIDSs, thorough analyses are essential to identify where ML predictors outperform them. The first step is to assess the most used NIDS worldwide, Snort, and compare its performance with ML classifiers. This paper provides an empirical study that evaluates the performance of Snort and four supervised ML classifiers (KNN, Decision Tree, Bayesian net and Naïve Bayes) against network attacks: probing, brute force and DoS. It measures Snort's True Alarm Rate, F-measure, Precision and Accuracy and compares them with the same metrics obtained by applying the ML algorithms using the Weka tool. The ML classifiers show high performance, with over 99% correctly classified instances for most algorithms, while the Snort intrusion detection system shows degraded classification of about 25% correctly classified instances, thereby identifying Snort's weaknesses towards certain attack types and giving leads on how to overcome those weaknesses.



Article Details

How to Cite
“An Empirical Investigation on Snort NIDS versus Supervised Machine Learning Classifiers” (2023) Journal of Engineering, 29(02), pp. 164–178. doi:10.31026/j.eng.2023.02.11.
